molecule-core

History

Hongming Wang 855d423f6c review: split push steps, runbook for secret rotation, username clarity Addresses PR #82 code review: 🟡×3 + 🔵×5. - Fly registry login username: 'x' → 'molecule-ai' + explanatory comment. - Build & push split into two steps (GHCR / Fly registry) so a single- registry outage can't fail the other. Second step uses 'if: always()' to ensure Fly mirror runs even if GHCR push flakes. - docs/runbooks/saas-secrets.md: full secret map + rotation procedures for every SaaS credential, with danger-case callouts. Documents the coupled FLY_API_TOKEN (lives in GHA secret AND fly secrets — must be rotated in both). - CLAUDE.md: new 'SaaS ops' section linking to the runbook.	2026-04-14 17:09:11 -07:00
..
ci.yml	ci: post canvas deploy reminder comment after every main merge	2026-04-14 08:28:42 +00:00
publish-platform-image.yml	review: split push steps, runbook for secret rotation, username clarity	2026-04-14 17:09:11 -07:00

Hongming Wang 855d423f6c review: split push steps, runbook for secret rotation, username clarity

Addresses PR #82 code review: 🟡×3 + 🔵×5.

- Fly registry login username: 'x' → 'molecule-ai' + explanatory comment.
- Build & push split into two steps (GHCR / Fly registry) so a single-
  registry outage can't fail the other. Second step uses 'if: always()'
  to ensure Fly mirror runs even if GHCR push flakes.
- docs/runbooks/saas-secrets.md: full secret map + rotation procedures
  for every SaaS credential, with danger-case callouts. Documents the
  coupled FLY_API_TOKEN (lives in GHA secret AND fly secrets — must be
  rotated in both).
- CLAUDE.md: new 'SaaS ops' section linking to the runbook.

2026-04-14 17:09:11 -07:00

ci.yml

ci: post canvas deploy reminder comment after every main merge

2026-04-14 08:28:42 +00:00

publish-platform-image.yml

review: split push steps, runbook for secret rotation, username clarity

2026-04-14 17:09:11 -07:00